CAS-005 Dumps Questions Increase Your Chance of Success

Category:

Comments:

0 Comments

Post Date:

August 18, 2024

Passing the CAS-005 certification exam can be challenging, which is why practicing with CAS-005 questions can greatly increase your chances of success. CompTIA CAS-005 dumps questions help you become familiar with the exam format. The CAS-005 questions are designed to mimic the actual exam, which means that you'll get a feel for the types of questions you'll encounter, the difficulty level, and the time limit. All the CAS-005 exam dumps questions are the latest version for you to study. Test free CAS-005 exam questions below.

Page 1 of 8

1. An organization wants to create a threat model to identity vulnerabilities in its infrastructure.

Which of the following, should be prioritized first?

External-facing Infrastructure with known exploited vulnerabilities

Internal infrastructure with high-seventy and Known exploited vulnerabilities

External facing Infrastructure with a low risk score and no known exploited vulnerabilities

External-facing infrastructure with a high risk score that can only be exploited with local access to the resource

2. A company's help desk is experiencing a large number of calls from the finance department slating access issues to www bank com.

The security operations center reviewed the following security logs:

Which of the following is most likely the cause of the issue?

Recursive DNS resolution is failing

The DNS record has been poisoned.

DNS traffic is being sinkholed.

The DNS was set up incorrectly.

3. A security engineer discovers that some legacy systems are still in use or were not properly decommissioned. After further investigation, the engineer identifies that an unknown and potentially malicious server is also sending emails on behalf of the company.

The security engineer extracts the following data for review:

Which of the following actions should the security engineer take next? (Select two).

Rotate the DKIM selector to use another key.

Change the DMARC policy to reject and remove references to the server.

Remove the unnecessary servers from the SPF record.

Change the SPF record to enforce the hard fail parameter.

Update the MX record to contain only the primary email server.

Change the DMARC policy to none and monitor email flow to establish a new baseline.

4. Which of the following is the main reason quantum computing advancements are leading companies and countries to deploy new encryption algorithms?

Encryption systems based on large prime numbers will be vulnerable to exploitation

Zero Trust security architectures will require homomorphic encryption.

Perfect forward secrecy will prevent deployment of advanced firewall monitoring techniques

Quantum computers will enable malicious actors to capture IP traffic in real time

5. Company A acquired Company B and needs to determine how the acquisition will impact the attack surface of the organization as a whole.

Which of the following is the best way to achieve this goal? (Select two).

Implementing DLP controls preventing sensitive data from leaving Company B's network

A. Documenting third-party connections used by Company B

B. Reviewing the privacy policies currently adopted by Company B

C. Requiring data sensitivity labeling tor all files shared with Company B

D. Forcing a password reset requiring more stringent passwords for users on Company B's network

E. Performing an architectural review of Company B's network

6. A financial services organization is using Al lo fully automate the process of deciding client loan rates.

Which of the following should the organization be most concerned about from a privacy perspective?

Model explainability

Credential Theft

Possible prompt Injections

Exposure to social engineering

7. After an organization met with its ISAC, the organization decided to test the resiliency of its security controls against a small number of advanced threat actors.

Which of the following will enable the security administrator to accomplish this task?

Adversary emulation

Reliability factors

Deployment of a honeypot

Internal reconnaissance

8. A security analyst needs to ensure email domains that send phishing attempts without previous communications are not delivered to mailboxes.

The following email headers are being reviewed

Which of the following is the best action for the security analyst to take?

A. Block messages from hr-saas.com because it is not a recognized domain.

B. Reroute all messages with unusual security warning notices to the IT administrator

C. Quarantine all messages with sales-mail.com in the email header

D. Block vendor com for repeated attempts to send suspicious messages

9. A security analyst is reviewing suspicious log-in activity and sees the following data in the SICM:

Which of the following is the most appropriate action for the analyst to take?

Update the log configuration settings on the directory server that Is not being captured properly.

Have the admin account owner change their password to avoid credential stuffing.

Block employees from logging in to applications that are not part of their business area.

implement automation to disable accounts that nave been associated with high-risk activity.

10. After a vendor identified a recent vulnerability, a severity score was assigned to the vulnerability. A notification was also publicly distributed.

Which of the following would most likely include information regarding the vulnerability and the recommended remediation steps?

CVE

CVSS

CCE

CPE

Page 2 of 8

11. 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 34 6d be 66 00 00 00 00 00 00 00 00 e0 00 0f 03 0b 01 05 00 00 70 00 00 00 10 00 00 00 d0 00 00 70 4c 01 00 00 e0 00 00 00 50 01 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 60 01 00 00 02 00 00 00 00 00 00 03 00 00 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00

Attempts to run the code in a sandbox produce no results.

Which of the following should the malware analyst do next to further analyze the malware and discover useful IoCs?

Convert the hex-encoded sample to binary and attempt to decompile it.

Run the encoded sample through an online vulnerability tool and check for any matches.

Pad the beginning and end of the sample with binary executables and attempt to execute it.

Use a disassembler on the unencoded snippet to convert from binary to ASCII text.

12. After an incident response exercise, a security administrator reviews the following table:

Which of the following should the administrator do to beat support rapid incident response in the future?

A. Automate alerting to IT support for phone system outages.

B. Enable dashboards for service status monitoring

C. Send emails for failed log-In attempts on the public website

D. Configure automated Isolation of human resources systems

13. A threat hunter is identifying potentially malicious activity associated with an APT. When the threat hunter runs queries against the SIEM platform with a date range of 60 to 90 days ago, the involved account seems to be typically most active in the evenings. When the threat hunter reruns the same query with a date range of 5 to 30 days ago, the account appears to be most active in the early morning.

Which of the following techniques is the threat hunter using to better understand the data?

TTP-based inquiries

User behavior analytics

Adversary emulation

OSINT analysis activities

14. Source code snippets for two separate malware samples are shown below:

Sample 1:

knockEmDown(String e) {

if(target.isAccessed()) {

target.toShell(e);

System.out.printIn(e.toString());

c2.sendTelemetry(target.hostname.toString + " is " + e.toString());

} else { target.close();

}

}

Sample 2:

targetSys(address a) {

if(address.islpv4()) {

address.connect(1337);

address.keepAlive("paranoid");

String status = knockEmDown(address.current);

remote.sendC2(address.current + " is " + status);

} else {

throw Exception e;

}

}

Which of the following describes the most important observation about the two samples?

Telemetry is first buffered and then transmitted in paranoid mode.

The samples were probably written by the same developer.

Both samples use IP connectivity for command and control.

Sample 1 is the target agent while Sample 2 is the C2 server.

15. A developer needs to improve the cryptographic strength of a password-storage component in a web application without completely replacing the crypto-module.

Which of the following is the most appropriate technique?

Key splitting

Key escrow

Key rotation

Key encryption

Key stretching

16. A large organization deployed a generative AI platform for its global user population to use. Based on feedback received during beta testing, engineers have identified issues with user interface latency and page-loading performance for international users. The infrastructure is currently maintained within two separate data centers, which are connected using high-availability networking and load balancers.

Which of the following is the best way to address the performance issues?

Configuring the application to use a CDN

Implementing RASP to enable large language models queuing

Remote journaling within a third data center

Traffic shaping through the use of a SASE

17. A Chief Information Security Officer (CISO) is concerned that a company's current data disposal procedures could result in data remanence. The company uses only SSDs.

Which of the following would be the most secure way to dispose of the SSDs given the CISO's concern?

Degaussing

Overwriting

Shredding

Formatting

Incinerating

18. Which of the following best explains the business requirement a healthcare provider fulfills by encrypting patient data at rest?

Securing data transfer between hospitals

Providing for non-repudiation of data

Reducing liability from identity theft

Protecting privacy while supporting portability

19. An analyst has prepared several possible solutions to a successful attack on the company. The solutions need to be implemented with the least amount of downtime.

Which of the following should the analyst perform?

Implement all the solutions at once in a virtual lab and then run the attack simulation. Collect the metrics and then choose the best solution based on the metrics.

Implement every solution one at a time in a virtual lab, running a metric collection each time. After the collection, run the attack simulation, roll back each solution, and then implement the next. Choose the best solution based on the best metrics.

Implement every solution one at a time in a virtual lab, running an attack simulation each time while collecting metrics. Roll back each solution and then implement the next. Choose the best solution based on the best metrics.

Implement all the solutions at once in a virtual lab and then collect the metrics. After collection, run the attack simulation. Choose the best solution based on the best metrics.

20. Which of the following best describes the reason a network architect would enable forward secrecy on all VPN tunnels?

This process is a requirement to enable hardware-accelerated cryptography.

This process reduces the success of attackers performing cryptanalysis.

The business requirements state that confidentiality is a critical success factor.

Modern cryptographic protocols list this process as a prerequisite for use.

Page 3 of 8

21. A company’s internal network is experiencing a security breach, and the threat actor is still active. Due to business requirements, users in this environment are allowed to utilize multiple machines at the same time.

Given the following log snippet:

Which of the following accounts should a security analyst disable to best contain the incident without impacting valid users?

user-a

user-b

user-c

user-d

22. A security engineer wants to improve the security of an application as part of the development pipeline. The engineer reviews the following component of an internally developed web application that allows employees to manipulate documents from a number of internal servers: response = requests.get(url)

Users can specify the document to be parsed by passing the document URL to the application as a parameter.

Which of the following is the best solution?

Indexing

Output encoding

Code scanner

Penetration testing

23. A security analyst is using data provided from a recent penetration test to calculate CVSS scores to prioritize remediation.

Which of the following metric groups would the analyst need to determine to get the overall scores? (Select three).

Temporal

Availability

Integrity

Confidentiality

Base

Environmental

Impact

Attack vector

24. During a vulnerability assessment, a scan reveals the following finding: Windows Server 2016 Missing hotfix KB87728 - CVSS 3.1 Score: 8.1 [High] - Affected host 172.16.15.2

Later in the review process, the remediation team marks the finding as a false positive.

Which of the following is the best way to avoid this issue on future scans?

Getting an up-to-date list of assets from the CMDB

Performing an authenticated scan on the servers

Configuring the sensor with an advanced policy for fingerprinting servers

Coordinating the scan execution with the remediation team early in the process

25. An organization found a significant vulnerability associated with a commonly used package in a variety of operating systems. The organization develops a registry of software dependencies to facilitate incident response activities. As part of the registry, the organization creates hashes of packages that have been formally vetted.

Which of the following attack vectors does this registry address?

A. Supply chain attack

B. Cipher substitution attack

C. Side-channel analysis

D. On-path attack

E. Pass-the-hash attack

26. A senior security engineer flags me following log file snippet as hawing likely facilitated an attacker's lateral movement in a recent breach:

Which of the following solutions, if implemented, would mitigate the nsk of this issue reoccurnnp?

Disabling DNS zone transfers

Restricting DNS traffic to UDP'W

Implementing DNS masking on internal servers

Permitting only clients from internal networks to query DNS

27. An organization is developing on Al-enabled digital worker to help employees complete common tasks such as template development, editing, research, and scheduling. As part of the Al workload the organization wants to Implement guardrails within the platform.

Which of the following should the company do to secure the Al environment?

Limn the platform's abilities to only non-sensitive functions

Enhance the training model's effectiveness.

Grant the system the ability to self-govern

Require end-user acknowledgement of organizational policies.

28. Which of the following best explains the importance of determining organization risk appetite when operating with a constrained budget?

Risk appetite directly impacts acceptance of high-impact low-likelihood events.

Organizational risk appetite varies from organization to organization

Budgetary pressure drives risk mitigation planning in all companies

Risk appetite directly influences which breaches are disclosed publicly

29. A user tried to access a web page at http://10.1.1.1. Previously the web page did not require authentication, and now the browser is prompting for credentials.

Which of the following actions would best prevent the issue from reoccurring and reduce the likelihood of credential exposure?

Implementing 802.1x EAP-TTLS on access points to reduce the risk of evil twins

Transitioning internal services to use DNS security

Modifying web server configuration and utilizing X509 certificates for authentication

Installing new rules for the IDS to detect impersonation attacks

30. An organization is developing a disaster recovery plan that requires data to be backed up and available at a moment's notice.

Which of the following should the organization consider first to address this requirement?

Implement a change management plan to ensure systems are using the appropriate versions.

Hire additional on-call staff to be deployed if an event occurs.

Design an appropriate warm site for business continuity.

Identify critical business processes and determine associated software and hardware requirements.

Page 4 of 8

31. A social media company wants to change encryption ciphers after identifying weaknesses in the implementation of the existing ciphers.

The company needs the new ciphers to meet the following requirements:

• Utilize less RAM than competing ciphers.

• Be more CPU-efficient than previous ciphers.

• Require customers to use TLS 1.3 while broadcasting video or audio.

Which of the following is the best choice for the social media company?

IDEA-CBC

AES-GCM

ChaCha20-Poly1305

Camellia-CBC

32. A hospital provides tablets to its medical staff to enable them to more quickly access and edit patients' charts. The hospital wants to ensure that if a tablet is identified as lost or stolen and a remote command is issued, the risk of data loss can be mitigated within seconds.

The tablets are configured as follows:

• Full disk encryption is enabled.

• "Always On" corporate VPN is enabled.

• eFuse-backed keystore is enabled.

• Wi-Fi 6 is configured with SAE.

• Location services is disabled.

• Application allow list is unconfigured.

Assuming the hospital policy cannot be changed, which of the following is the best way to meet the hospital's objective?

Revoke the user VPN and Wi-Fi certificates

Cryptographically erase FDE volumes

Issue new MFA credentials to all users

Configure the application allow list

33. A company finds logs with modified time stamps when compared to other systems. The security team decides to improve logging and auditing for incident response.

Which of the following should the team do to best accomplish this goal?

Integrate a file-monitoring tool with the SIE

Change the log solution and integrate it with the existing SIE

Implement a central logging server, allowing only log ingestion.

Rotate and back up logs every 24 hours, encrypting the backups.

34. A central bank implements strict risk mitigations for the hardware supply chain, including an allow list for specific countries of origin.

Which of the following best describes the cyberthreat to the bank?

Ability to obtain components during wartime

Fragility and other availability attacks

Physical Implants and tampering

Non-conformance to accepted manufacturing standards

35. A user reports application access issues to the help desk.

The help desk reviews the logs for the user

Which of the following is most likely The reason for the issue?

The user inadvertently tripped the impossible travel security rule in the SSO system.

A threat actor has compromised the user's account and attempted to lop, m

The user is not allowed to access the human resources system outside of business hours

The user did not attempt to connect from an approved subnet

36. Which of the following AI concerns is most adequately addressed by input sanitation?

Model inversion

Prompt Injection

Data poisoning

Non-explainable model

37. A security officer received several complaints from users about excessive MPA push notifications at night The security team investigates and suspects malicious activities regarding user account authentication.

Which of the following is the best way for the security officer to restrict MI~A notifications''

A. Provisioning FID02 devices

B. Deploying a text message based on MFA

C. Enabling OTP via email

D. Configuring prompt-driven MFA

38. A security engineer must ensure that sensitive corporate information is not exposed if a company laptop is stolen.

Which of the following actions best addresses this requirement?

Utilizing desktop as a service for all company data and multifactor authentication

Using explicit allow lists of specific IP addresses and deploying single sign-on

Deploying mobile device management and requiring stronger passwords

Updating security mobile reporting policies and monitoring data breaches

39. A pharmaceutical lab hired a consultant to identify potential risks associated with Building 2, a new facility that is under construction.

The consultant received the IT project plan, which includes the following VLAN design:

Which of the following TTPs should the consultant recommend be addressed first?

Zone traversal

Unauthorized execution

Privilege escalation

Lateral movement

40. SIMULATION

You are tasked with integrating a new B2B client application with an existing OAuth workflow that must meet the following requirements:

. The application does not need to know the users' credentials.

. An approval interaction between the users and the HTTP service must be orchestrated.

. The application must have limited access to users' data.

INSTRUCTIONS

Use the drop-down menus to select the action items for the appropriate locations. All placeholders must be filled.

Page 5 of 8

41. An administrator needs to craft a single certificate-signing request for a web-server certificate.

The server should be able to use the following identities to mutually authenticate other resources over TLS:

• wwwJnt.comptia.org

• webserver01.int.comptia.org

• 10.5.100.10

Which of the following certificate fields must be set properly to support this objective?

Subject alternative name

Organizational unit

Extended key usage

Certificate extension

42. An enterprise is deploying APIs that utilize a private key and a public key to ensure the connection string is protected. To connect to the API, customers must use the private key.

Which of the following would best secure the REST API connection to the database while preventing the use of a hard-coded string in the request string?

Implement a VPN for all APIs

Sign the key with DSA

Deploy MFA for the service accounts

Utilize HMAC for the keys

43. An organization hires a security consultant to establish a SOC that includes a threat-modeling function. During initial activities, the consultant works with system engineers to identify antipatterns within the environment.

Which of the following is most critical for the engineers to disclose to the consultant during this phase?

Results from the most recent infrastructure access review

A listing of unpatchable IoT devices in use in the data center

Network and data flow diagrams covering the production environment

Results from the most recent software composition analysis

A current inventory of cloud resources and SaaS products in use

44. A subcontractor develops safety critical avionics software for a major aircraft manufacturer. After an incident, a third-party investigator recommends the company begin to employ formal methods in the development life cycle.

Which of the following findings from the investigation most directly supports the investigator's recommendation?

The system's bill of materials failed to include commercial and open-source libraries.

The company lacks dynamic and Interactive application security testing standards.

The codebase lacks traceability to functional and non-functional requirements.

The implemented software inefficiently manages compute and memory resources.

45. A recent security audit identified multiple endpoints have the following vulnerabilities:

• Various unsecured open ports

• Active accounts for terminated personnel

• Endpoint protection software with legacy versions

• Overly permissive access rules

Which of the following would best mitigate these risks? (Select three).

Local drive encryption

Secure boot

Address space layout randomization

Unneeded services disabled

Patching

Logging

Removal of unused accounts

Enabling BIOS password

46. A security engineer performed a code scan that resulted in many false positives. The security engineer must find asolution that improves the quality of scanning results before application deployment.

Which of the following is the best solution?

Limiting the tool to a specific coding language and tuning the rule set

Configuring branch protection rules and dependency checks

Using an application vulnerability scanner to identify coding flaws in production

Performing updates on code libraries before code development

47. After a penetration test on the internal network, the following report was generated:

Attack Target Result

Compromised host ADMIN01S.CORP.LOCAL Successful

Hash collected KRBTGT.CORP.LOCAL Successful

Hash collected SQLSV.CORP.LOCAL Successful

Pass the hash SQLSV.CORP.LOCAL Failed

Domain control CORP.LOCAL Successful

Which of the following should be recommended to remediate the attack?

A. Deleting SQLSV

B. Reimaging ADMIN01S

C. Rotating KRBTGT password

D. Resetting the local domain

48. The material finding from a recent compliance audit indicate a company has an issue with excessive permissions. The findings show that employees changing roles or departments results in privilege creep.

Which of the following solutions are the best ways to mitigate this issue? (Select two). Setting different access controls defined by business area

Implementing a role-based access policy

Designing a least-needed privilege policy

Establishing a mandatory vacation policy

Performing periodic access reviews

Requiring periodic job rotation

49. A security engineer is reviewing the following vulnerability scan report:

Which of the following should the engineer prioritize for remediation?

Apache HTTP Server

OpenSSH

Google Chrome

Migration to TLS 1.3

50. Recent repents indicate that a software tool is being exploited Attackers were able to bypass user access controls and load a database. A security analyst needs to find the vulnerability and recommend a mitigation.

The analyst generates the following output:

Which of the following would the analyst most likely recommend?

Installing appropriate EDR tools to block pass-the-hash attempts

Adding additional time to software development to perform fuzz testing

Removing hard coded credentials from the source code

Not allowing users to change their local passwords

Page 6 of 8

51. Which of the following best explains the business requirement a healthcare provider fulfills by encrypting patient data at rest?

Securing data transfer between hospitals

Providing for non-repudiation data

Reducing liability from identity theft

Protecting privacy while supporting portability.

52. Asoftware company deployed a new application based on its internal code repository Several customers are reporting anti-malware alerts on workstations used to test the application.

Which of the following is the most likely cause of the alerts?

A. Misconfigured code commit

B. Unsecure bundled libraries

C. Invalid code signing certificate

D. Data leakage

53. Which of the following is the security engineer most likely doing?

Assessing log in activities using geolocation to tune impossible Travel rate alerts

Reporting on remote log-in activities to track team metrics

Threat hunting for suspicious activity from an insider threat

Baselining user behavior to support advanced analytics

54. A user reports application access issues to the help desk.

The help desk reviews the logs for the user:

Which of the following is most likely the reason for the issue?

The user inadvertently tripped the geoblock rule in NGF

A threat actor has compromised the user's account and attempted to log in.

The user is not allowed to access the human resources system outside of business hours.

The user did not attempt to connect from an approved subnet.

55. An organization has been using self-managed encryption keys rather than the free keys managed by the cloud provider. The Chief Information Security Officer (CISO) reviews the monthly bill and realizes the self-managed keys are more costly than anticipated.

Which of the following should the CISO recommend to reduce costs while maintaining a strong security posture?

A. Utilize an on-premises HSM to locally manage keys.

B. Adjust the configuration for cloud provider keys on data that is classified as public.

C. Begin using cloud-managed keys on all new resources deployed in the cloud.

D. Extend the key rotation period to one year so that the cloud provider can use cached keys.

56. A security analyst is troubleshooting the reason a specific user is having difficulty accessing company resources.

The analyst reviews the following information:

Which of the following is most likely the cause of the issue?

A. The local network access has been configured to bypass MFA requirements.

B. A network geolocation is being misidentified by the authentication server

C. Administrator access from an alternate location is blocked by company policy

D. Several users have not configured their mobile devices to receive OTP codes

57. A financial technology firm works collaboratively with business partners in the industry to share threat intelligence within a central platform This collaboration gives partner organizations the ability to obtain and share data associated with emerging threats from a variety of adversaries.

Which of the following should the organization most likely leverage to facilitate this activity? (Select two).

A. CWPP

B. YAKA

C. ATTACK

D. STIX

E. TAXII

F. JTAG

58. A user submits a help desk ticket stating then account does not authenticate sometimes. An analyst

reviews the following logs for the user:

Which of the following best explains the reason the user's access is being denied?

incorrectly typed password

Time-based access restrictions

Account compromise

Invalid user-to-device bindings

59. A systems administrator works with engineers to process and address vulnerabilities as a result of continuous scanning activities. The primary challenge faced by the administrator is differentiating between valid and invalid findings.

Which of the following would the systems administrator most likely verify is properly configured?

Report retention time

Scanning credentials

Exploit definitions

Testing cadence

60. A company wants to implement hardware security key authentication for accessing sensitive information systems The goal is to prevent unauthorized users from gaining access with a stolen password.

Which of the following models should the company implement to b«st solve this issue?

Rule based

Time-based

Role based

Context-based

Page 7 of 8

61. A company was recently infected by malware. During the root cause analysis, the company determined that several users were installing their own applications. To prevent further compromises, the company has decided it will only allow authorized applications to run on its systems.

Which of the following should the company implement?

Signing

Access control

HIPS

Permit listing

62. An organization purchased a new manufacturing facility and the security administrator needs to:

• Implement security monitoring.

• Protect any non-traditional device(s)/network(s).

• Ensure no downtime for critical systems.

Which of the following strategies best meets these requirements?

Configuring honeypots in the internal network to capture malicious activity

Analyzing system behavior and responding to any increase in activity

Applying updates and patches soon after they have been released

Observing the environment and proactively addressing any malicious activity

63. The device event logs sourced from MDM software are as follows:

Device | Date/Time | Location | Event | Description

ANDROID_102 | 01JAN21 0255 | 38.9072N, 77.0369W | PUSH | APPLICATION 1220 INSTALL QUEUED ANDROID_102 | 01JAN21 0301 | 38.9072N, 77.0369W | INVENTORY | APPLICATION 1220 ADDED ANDROID_1022 | 01JAN21 0701 | 39.0067N, 77.4291W | CHECK-IN | NORMAL

ANDROID_1022 | 01JAN21 0701 | 25.2854N, 51.5310E | CHECK-IN | NORMAL ANDROID_1022 | 01JAN21 0900 | 39.0067N, 77.4291W | CHECK-IN | NORMAL

ANDROID_1022 | 01JAN21 1030 | 39.0067N, 77.4291W | STATUS | LOCAL STORAGE REPORTING 85% FULL

Which of the following security concerns and response actions would best address the risks posed by the device in the logs?

Malicious installation of an application; change the MDM configuration to remove application ID 1220

Resource leak; recover the device for analysis and clean up the local storage

Impossible travel; disable the device's account and access while investigating

Falsified status reporting; remotely wipe the device

64. A security engineer wants to reduce the attack surface of a public-facing containerized application.

Which of the following will best reduce the application's privilege escalation attack surface?

A. Implementing the following commands in the Dockerfile:RUN echo user:x:1000:1000iuser:/home/user:/dew/null > /ete/passwd

B. Installing an EDR on the container's host with reporting configured to log to a centralized SIFM and Implementing the followingalerting rules TF PBOCESS_USEB=rooC ALERT_TYPE=critical

C. Designing a muiticontainer solution, with one set of containers that runs the mam application, and another set oi containers that perform automatic remediation by replacing compromised containers or disabling compromised accounts

D. Running the container in an isolated network and placing a load balancer in a public-facing network. Adding the following ACL to the load balancer:PZRKZI HTTES from 0-0.0.0.0/0 pert 443

65. A company wants to modify its process to comply with privacy requirements after an incident involving PII data in a development environment. In order to perform functionality tests, the QA team still needs to use valid data in the specified format.

Which of the following best addresses the

risk without impacting the development life cycle?

Encrypting the data before moving into the QA environment

Truncating the data to make it not personally identifiable

Using a large language model to generate synthetic data

Utilizing tokenization for sensitive fields

66. Which of the following best describes a common use case for homomorphic encryption?

Processing data on a server after decrypting in order to prevent unauthorized access in transit

Maintaining the confidentiality of data both at rest and in transit to and from a CSP for processing

Transmitting confidential data to a CSP for processing on a large number of resources without revealing information

Storing proprietary data across multiple nodes in a private cloud to prevent access by unauthenticated users

67. An organization recently implemented a purchasing freeze that has impacted endpoint life-cycle management efforts.

Which of the following should a security manager do to reduce risk without replacing the endpoints?

Remove unneeded services

Deploy EDR

Dispose of end-of-support devices

Reimage the system

68. A security architect for a global organization with a distributed workforce recently received funding lo deploy a CASB solution.

Which of the following most likely explains the choice to use a proxy-based CASB?

The capability to block unapproved applications and services is possible

Privacy compliance obligations are bypassed when using a user-based deployment.

Protecting and regularly rotating API secret keys requires a significant time commitment

Corporate devices cannot receive certificates when not connected to on-premises devices

69. An organization is implementing advanced security controls associated with the execution of software applications on corporate endpoints. The organization must implement a deny-all, permit-by-exception approach to software authorization for all systems regardless of OS.

Which of the following should be implemented to meet these requirements?

A. SELinux

B. MDM

C. XDR

D. Block list

E. Atomic execution

70. Audit findings indicate several user endpoints are not utilizing full disk encryption During me remediation process, a compliance analyst reviews the testing details for the endpoints and notes the endpoint device configuration does not support full disk encryption.

Which of the following is the most likely reason me device must be replaced'

A. The HSM is outdated and no longer supported by the manufacturer

B. The vTPM was not properly initialized and is corrupt.

C. The HSM is vulnerable to common exploits and a firmware upgrade is needed

D. The motherboard was not configured with a TPM from the OEM supplier.

E. The HSM does not support sealing storage

Page 8 of 8

71. After several companies in the financial industry were affected by a similar incident, they shared information about threat intelligence and the malware used for exploitation.

Which of the following should the companies do to best indicate whether the attacks are being conducted by the same actor?

A. Apply code stylometry.

B. Look for common IOCs.

C. Use IOC extractions.

D. Leverage malware detonation.

72. A company wants to use loT devices to manage and monitor thermostats at all facilities The thermostats must receive vendor security updates and limit access to other devices within the organization.

Which of the following best addresses the company's requirements''

Only allowing Internet access to a set of specific domains

Operating lot devices on a separate network with no access to other devices internally

Only allowing operation for loT devices during a specified time window

Configuring IoT devices to always allow automatic updates

73. Which of the following security risks should be considered as an organization reduces cost and increases availability of services by adopting serverless computing?

Level of control and influence governments have over cloud service providers

Type of virtualization or emulation technology used in the provisioning of services

Vertical scalability of the infrastructure underpinning the serverless offerings

Use of third-party monitoring of service provisioning and configurations

74. As part of a security audit in the software development life cycle, a product manager must demonstrate and provide evidence of a complete representation of the code and modules used within the production-deployed application prior to the build.

Which of the following best provides the required evidence?

Software composition analysis

Runtime application inspection

Static application security testing

Interactive application security testing

75. A cloud engineer needs to identify appropriate solutions to:

• Provide secure access to internal and external cloud resources.

• Eliminate split-tunnel traffic flows.

• Enable identity and access management capabilities.

Which of the following solutions arc the most appropriate? (Select two).

A. Federation

B. Microsegmentation

C. CASB

D. PAM

E. SD-WAN

F. SASE

76. A systems administrator wants to use existing resources to automate reporting from disparate security appliances that do not currently communicate.

Which of the following is the best way to meet this objective?

Configuring an API Integration to aggregate the different data sets

Combining back-end application storage into a single, relational database

Purchasing and deploying commercial off the shelf aggregation software

Migrating application usage logs to on-premises storage

TAGS:

CAS-005, CAS-005 exam dumps

Notify of

Label

Name*

Email*

Website

Label

Name*

Email*

Website

0 Comments

Oldest

Newest Most Voted

Inline Feedbacks

View all comments

Get CAS-005 Dumps Full Version

Q&As: 250
Versions: PDF and Software Download Now

About Dumpsinfo

Dumpsinfo is a good platform providing the latest exam information and dumps questions for all IT certification exams. You can study all the latest exam dumps questions online.

[email protected]

Mon - Sat 9:00am - 6:00pm

CAS-005 Dumps Questions Increase Your Chance of Success

Related

Posts

CompTIA SK0-004 Exam Questions Simulate Actual SK0-004 Exam

Improve Your Knowledge with CLO-002 Exam Dumps

Online CV0-001 Exam Dumps Help You Build Confidence

Get Certified Easily with Online CV0-001 Dumps

About Us

EMAIL

Services

Opening Hours